authorkooper <sergey.sachkov@est.tech>2019-03-22 10:28:46 +0000
committerOren Kleks <orenkle@amdocs.com>2019-03-24 07:14:19 +0000
commitc5927b27b83286c6f4aef7ae5be19a16398c23ce (patch)
tree3d9ab610b97f27c4d1c32062d3ce1a334210ff1f /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main
parentb8cef3d6fe5ee531bcb13ec13f2e8a5b23b383ea (diff)
Retrieve issuer certificate
Change-Id: I22b9ed99d9b19ed300b5671826bd5cd369417f06 Issue-ID: SDC-2162 Signed-off-by: kooper <sergey.sachkov@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java102
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java8
2 files changed, 110 insertions, 0 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
new file mode 100644
index 0000000000..d2da7ef20f
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
@@ -0,0 +1,102 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019, Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+import com.google.common.collect.ImmutableSet;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This is temporary solution. When AAF provides functionality for verifying certificates, this class should be reviewed
+ * Class is responsible for providing root certificates from configured location in onboarding container.
+ */
+public class SecurityManager {
+ private static final String CERTIFICATE_DEFAULT_LOCATION = "/root/cert";
+
+ private Logger logger = LoggerFactory.getLogger(SecurityManager.class);
+ private Set<Certificate> certificates = new HashSet<>();
+ private File certificateDirectory;
+
+
+ public SecurityManager(){
+ certificateDirectory = this.getcertDirectory();
+ }
+
+ private void processCertificateDir() {
+ if(!certificateDirectory.exists() || !certificateDirectory.isDirectory()){
+ logger.error("Issue with certificate directory, check if exists!");
+ return;
+ }
+
+ File [] files = certificateDirectory.listFiles();
+ if(files == null){
+ logger.error("Certificate directory is empty!");
+ return;
+ }
+ for(File f : files) {
+ certificates.add(loadCertificate(f));
+ }
+ }
+
+ private File getcertDirectory() {
+ String certDirLocation = System.getenv("SDC_CERT_DIR");
+ if(certDirLocation == null){
+ certDirLocation = CERTIFICATE_DEFAULT_LOCATION;
+ }
+ return new File(certDirLocation);
+ }
+
+ private Certificate loadCertificate(File certFile){
+ try (InputStream fileInputStream = new FileInputStream(certFile)){
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return factory.generateCertificate(fileInputStream);
+ } catch (CertificateException|IOException e) {
+ throw new SecurityManagerException("Error during loading Certificate file!", e);
+ }
+ }
+
+ /**
+ * Checks the configured location for available certificates
+ * @return set of certificates
+ */
+ public Set<Certificate> getCertificates() {
+ //if file number in certificate directory changed reload certs
+ String[] certFiles = certificateDirectory.list();
+ if(certFiles == null){
+ logger.error("Certificate directory is empty!");
+ return ImmutableSet.copyOf(new HashSet<>());
+ }
+ if(certificates.size() != certFiles.length){
+ certificates = new HashSet<>();
+ processCertificateDir();
+ }
+ return ImmutableSet.copyOf(certificates);
+ }
+}
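Review bot: The reload condition in getCertificates(), `certificates.size() != certFiles.length`, only notices a change in the number of directory entries, so a certificate file replaced in place (same file count) keeps being served from the cached set and a withdrawn root stays in the returned set. The comparison is also unstable the other way: two files holding the same certificate make the set permanently smaller than the listing, which forces a reload on every call. Since the class Javadoc describes these as root certificates, consider reloading unconditionally (`certificates = new HashSet<>(); processCertificateDir();`) or keying the cache on file names plus `lastModified()`. Separately, a single unreadable or non-certificate entry makes loadCertificate() throw out of the loop in processCertificateDir(), leaving `certificates` partially filled; building into a local set and assigning it only after the loop completes would avoid that.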
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
new file mode 100644
index 0000000000..5c5a23a5f8
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
@@ -0,0 +1,8 @@
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+public class SecurityManagerException extends RuntimeException {
+
+ public SecurityManagerException(String s, Throwable t) {
+ super(s);
+ }
+}
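Review bot: The constructor accepts a cause `t` but calls `super(s)`, so the CertificateException or IOException caught in SecurityManager.loadCertificate() is discarded and a failed certificate load never shows why the file was rejected. Pass the cause through with `super(s, t);`. A short Javadoc on the class stating that it signals failures while loading certificates from the configured directory would also help callers decide whether to catch it.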